Following a string of data breaches that touched tens of millions of consumers, and revelations of user data exploitation by popular social media platforms, there’s a broad national consensus: It’s time for internet users to have guarantees about privacy and data protection. Legislation is long overdue.
Some states, such as California, have already taken action. One year ago, California passed a sweeping privacy protections law. Other states have expressed an intention to do so, and Congress is expected to consider legislation. What’s the best way forward?
Congress must take its responsibility to protect user privacy and data seriously. At a minimum, any new federal law should provide internet users with the knowledge of which personal information is collected by the websites they visit and how that information is used. They should have a meaningful opportunity to opt out of these collection and use practices.
Congress should also ensure that any user’s sensitive personal identification information — such as a driver’s license, credit card number or Social Security number — can be collected and retained only with that user’s consent. Reasonable rights to access and correct user-provided information should also be afforded.
But it’s important to realize that web services are offered on a national basis and many would be disrupted by a multiplicity of diverse and contradictory state privacy requirements. The compliance costs could be enormous, particularly for small and startup businesses. There may be situations where it’s literally impossible to comply with the conflicting requirements of different states’ laws.
Not only would compliance with various state requirements be exceedingly difficult, consumers would be constantly unsure about which state’s privacy requirements apply. Consider the mobile service provider whose customer lives in one state, travels to another state and accesses an e-commerce site headquartered in a third state. The service provider is headquartered in a fourth state and uses a server data center in a fifth state.
Whose law applies — the state of residence of the customer or internet edge provider? The state of location of the customer or that of the service provider? Or the state where a server sends and receives customer messages?
To avoid this obvious confusion, it’s far better for Congress to adopt one strong, clear national privacy standard that would be applicable across the entire internet ecosystem, from the service provider to content-providing companies. In order to prevent disruption and consumer confusion in the application of an internet privacy law, Congress should pass its own privacy standard that preempts the states from their own regulation.
Such action would certainly not be new. Congress routinely preempts states in instances where a single uniform national standard is called for.
For example, in the Energy Policy and Conservation Act, Congress preempted state (and local) action on the energy efficiency of appliances where a national standard is in place. In the Toxic Substances Control Act, Congress preempted state action in favor of national regulation of chemicals covered by Environmental Protection Agency rules. Congress has also been quite clear that action by the Food and Drug Administration preempts conflicting state standards in the area of approval of new pharmaceuticals and medical devices.
Appliances, chemicals, prescription drugs, medical devices — all of these are goods of major importance to the national economy. So too is e-commerce involving the sale of both physical and digital goods. Federal preemption was right in the areas referenced above and, to avoid harming the internet economy and preventing consumer misunderstanding, is also right for data privacy standards.
It would be a critical mistake for Congress to enact a data privacy law that only provides a base from which the states can add additional requirements. Through the resulting disruption and chaos, harm would come to the internet economy while doing little if anything to advance real privacy for internet users.
A single, strong national data privacy standard would provide clear rules for companies to follow while fostering consumer understanding of the privacy assurances that have been extended to them.
Fortunately, the need for data privacy protection enjoys rare, widespread bipartisan support. It’s now Congress’ turn to act.
Rick Boucher was a member of the U.S. House for 28 years, representing Virginia’s ninth district. He chaired the House Energy and Commerce Committee’s Subcommittee on Communications and the Internet. He is honorary chairman of the Internet Innovation Alliance and a partner in the Washington, D.C., office of the law firm Sidley Austin. (This piece was originally published in the San Francisco Chronicle on June 26, 2019, and is reprinted with permission of the author.)
BroadbandBreakfast.com accepts commentary from informed observers of the broadband scene. Please send pieces to email@example.com. The views reflected in Expert Opinion pieces do not necessarily reflect the views of BroadbandBreakfast.com and Breakfast Media LLC.
- Breakfast Media Minute: July 7, 2020
- Supreme Court Upholds Act Banning Robocalls For Debt Collectors and Political Consultants
- Global Divisions Over 5G, Zuckerberg Says Advertisers Will Return, Lifeline Program Underutilized
- Content Moderation Experts Discuss Future of Section 230 in Broadband Breakfast Live Online Event
- Breakfast Media Minute: July 6, 2020
Signup for Broadband Breakfast
Fiber1 month ago
Fiber Networks Hold a Cybersecurity Advantage Over Rival Co-Axial and Wireless Technologies, Say Panelists
Congress1 month ago
Senators Introduce Healthcare Broadband Bill as House Companion, Proposes $2 Billion Telehealth Expansion
Artificial Intelligence3 weeks ago
Brookings Panelists Emphasize Importance of Addressing Biases in Artificial Intelligence Technology
Congress1 month ago
Partisan Disagreement Delays Broadband Funding That Might Come Through HEROES Act
#broadbandlive3 weeks ago
Broadband Breakfast Live Online on Wednesday, June 17, 2020 – Federal Broadband Funds and Opportunity Zones
Expert Opinion1 month ago
Gary Bolton: Under the Stress of COVID-19, the Networks That Held Fast Were Symmetrical Fiber Broadband
Broadband Roundup7 days ago
Artificial Intelligence Task Force, State Cybersecurity, ADTRAN Offers Rural Funding Guidance
Artificial Intelligence6 days ago
U.S. State Department Employing Artificial Intelligence Against COVID-19 Misinformation